Showing posts with label Least Privilege. Show all posts

Tuesday, May 20, 2008

Object Capabilities for Security - YouTube

This video at YouTube looks very interesting... I hope to be able to watch the whole thing later today.

As an educational resource it's pretty good so far.

Update 5/22/2008 - It was VERY useful, and I learned some new terms, like Ambient Authority, and got some new examples to use.

Saturday, May 17, 2008

AppArmor

AppArmor is a least-privilege system for Linux which uses the Linux Security Modules interface. Every "armored" application has a profile which specifies the privileges the program requires to do its job. It's not clear to me right now if this project is still maintained or not, as Novell was leading it, but has since bowed out by laying off the programmers it had on the project.

Tony Jones, while giving an overview of AppArmor to the Linux Kernel Mailing List, said:
AppArmor is *not* intended to protect every aspect of the system from
every other aspect of the system: the intended usage is that only a
small fraction of all programs on a Linux system will have AppArmor
profiles. Rather, AppArmor is intended to protect the system against a
particular threat.
Now, this isn't a true capabilities system in that the profiles use names, and are explicit, but it does help enforce least privilege, so it's a very strong step in the right direction.

BeyondTrust | Privilege Manager

I came across BeyondTrust, which might be useful for people in a Windows environment, because it helps lean towards a least-privilege configuration for users. It's definitely not a capabilities-based system, but still, you might find it useful.

It allows the Administrator to give rights to run some things, without handing over the administrative password.